The remote host is missing an update to proftpdannounced via advisory MDVSA-2011:023.

A vulnerability has been found and corrected in proftpd:

Heap-based buffer overflow in the sql_prepare_where function(contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled,allows remote attackers to cause a denial of service (crash) andpossibly execute arbitrary code via a crafted username containingsubstitution tags, which are not properly handled during constructionof an SQL query (CVE-2010-4652).